Limit the setcap search to PATH for cross builds, preventing host contamination. Add a DEPENDS on libcap-native to supply setcap when PACKAGECONFIG libcap is enabled.
The previous setting of NO_SETCAP_OR_SUID broke setuid or setcap of /bin/ping and other executables.
Signed-off-by: Jate Sujjavanich <jate...@gmail.com>
---
 ...tcap-search-to-PATH-for-cross-builds.patch | 33 +++++++++++++++++++
 .../iputils/iputils_s20200821.bb | 3 +-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/iputils/iputils/0001-Limit-setcap-search-to-PATH-for-cross-builds.patch
diff --git a/meta/recipes-extended/iputils/iputils/0001-Limit-setcap-search-to-PATH-for-cross-builds.patch b/meta/recipes-extended/iputils/iputils/0001-Limit-setcap-search-to-PATH-for-cross-builds.patch
new file mode 100644
index 0000000000..b09cdb5f13
--- /dev/null
+++ b/meta/recipes-extended/iputils/iputils/0001-Limit-setcap-search-to-PATH-for-cross-builds.patch
@@ -0,0 +1,33 @@
+From aedb7811d1e9b0eae5d33b5bed39f6219a06a8dc Mon Sep 17 00:00:00 2001
+From: Jate Sujjavanich <jate...@gmail.com>
+Date: Thu, 18 Feb 2021 21:35:03 -0500
+Subject: [PATCH] Limit setcap search to PATH for cross builds
+
+Upstream-Status: Pending
+---
+ meson.build | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index aff75a2..16bbfb6 100644
+--- a/meson.build
++++ b/meson.build
+@@ -215,7 +215,14 @@ config_h = configure_file(
+ output : 'config.h',
+ configuration : conf)
+
+-setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false)
++if meson.is_cross_build()
++ message('limit setcap search to PATH')
++ path_setcap = ['setcap']
++else
++ message('search for setcap in PATH and admin dirs')
++ path_setcap = ['setcap', '/usr/sbin/setcap', '/sbin/setcap']
++endif
++setcap = find_program(path_setcap, required : false)
+ if cap_dep.found() and setcap.found()
+ perm_type = 'caps'
+ setcap_path = setcap.path()
+--
+2.30.0
+
diff --git a/meta/recipes-extended/iputils/iputils_s20200821.bb b/meta/recipes-extended/iputils/iputils_s20200821.bb
index 8b63a23c61..31fe1acdaf 100644
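Review bot: In the cross-build branch of the embedded meson.build patch, `find_program(path_setcap, required : false)` still lets configuration succeed when no setcap is on PATH, so `cap_dep.found() and setcap.found()` turns false and the permission type silently becomes whatever the branch outside this hunk selects instead of `'caps'`. For ping that is the choice between a narrow file capability and a broader privilege model (presumably setuid root; that branch is not visible here), so a missing libcap-native should not pass unnoticed. Consider making the lookup strict where capabilities were requested, e.g. `setcap = find_program(path_setcap, required : meson.is_cross_build() and cap_dep.found())`, or at least emit a `warning()` when the fallback is taken. The patch header also carries `Upstream-Status: Pending` but no `Signed-off-by:` line and no body; both should be added so the reason for the change (keeping the host's /usr/sbin/setcap out of a cross build) travels with the patch file.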
--- a/meta/recipes-extended/iputils/iputils_s20200821.bb
+++ b/meta/recipes-extended/iputils/iputils_s20200821.bb
@@ -12,6 +12,7 @@ DEPENDS = "gnutls"

 SRC_URI = "git://github.com/iputils/iputils \
 file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
+ file://0001-Limit-setcap-search-to-PATH-for-cross-builds.patch \
 "
 SRCREV = "23c3782ae0c7f9c6ae59dbed8ad9204f8758542b"

@@ -26,7 +27,7 @@ CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214"
 PACKAGECONFIG ??= "libcap rarpd \
 ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod traceroute6', '', d)} \
 ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
-PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap"
+PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap libcap-native"
 PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2"
 PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext"
 PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false,"
--
2.25.1